Snort Forums Archive
USB Hacksaw
Posted by pas2fl on November 02, 2006 09:50:07
http://www.hak5.org/wiki/USB_Hacksaw
Has anyone seen the above link yet? There is no really good mitigation out for stopping this from the OS level. I wonder if anyone is working on a rule for detecting this kind of traffic. It is encrypted, but I wonder if it has some other specific signature. Any thoughts?

Posted by duh on November 02, 2006 10:30:49
Looking at it quickly, the best/only route may be to watch for SSL traffic to smtp.gmail.com. If you use a proxy server, it shouldn't go through though. Or assuming you have proper firewall rules, it shouldn't go through (don't allow SMTP inbound except from your main SMTP server(s)).
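
The mail-egress check suggested in the reply above, sketched as an added example that is not part of the original thread: it scans firewall connection logs for internal hosts, other than the approved mail servers, connecting directly to external mail ports. The log format, addresses and policy values are constructed assumptions.

```python
import ipaddress

# Assumed site policy (hypothetical values): only these hosts may send mail out.
APPROVED_MAIL_SERVERS = {ipaddress.ip_address("10.0.0.25")}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
MAIL_PORTS = {25, 465, 587}  # SMTP, SMTP over SSL, mail submission

# Constructed sample firewall log lines: "timestamp action src:sport -> dst:dport"
SAMPLE_LOG = """\
2006-11-02T09:41:10 ALLOW 10.0.0.25:41200 -> 192.0.2.10:25
2006-11-02T09:42:03 ALLOW 10.0.4.17:1188 -> 198.51.100.7:465
2006-11-02T09:42:09 ALLOW 10.0.4.17:1190 -> 198.51.100.8:443
2006-11-02T09:43:30 DENY 10.0.7.88:2044 -> 198.51.100.7:587
2006-11-02T09:44:00 ALLOW 10.0.4.17:1201 -> 10.0.0.25:25
malformed line
"""

def parse_line(line):
    """Return (ts, action, src_ip, dst_ip, dst_port) or None if unparseable."""
    parts = line.split()
    if len(parts) != 5 or parts[3] != "->":
        return None
    try:
        src_ip, _ = parts[2].rsplit(":", 1)
        dst_ip, dst_port = parts[4].rsplit(":", 1)
        return (parts[0], parts[1], ipaddress.ip_address(src_ip),
                ipaddress.ip_address(dst_ip), int(dst_port))
    except ValueError:
        return None

def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)

def find_direct_mail_egress(log_text):
    """Flag internal hosts, other than approved mail servers, reaching external mail ports."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip lines that do not match the assumed format
        ts, action, src, dst, dport = rec
        if (dport in MAIL_PORTS and is_internal(src) and not is_internal(dst)
                and src not in APPROVED_MAIL_SERVERS):
            findings.append((ts, action, str(src), str(dst), dport))
    return findings

if __name__ == "__main__":
    print(*find_direct_mail_egress(SAMPLE_LOG), sep="\n")
```

Denied attempts are reported as well as allowed ones, since a workstation trying to reach an external mail port is worth investigating even when the firewall blocked it.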